HTTP Header
Last update:2026-04-29 12:01:09
CDNetworks provides an HTTP header management feature that gives you flexible control over the HTTP request and response headers exchanged between CDN nodes, clients, and your origin server. This allows you to customize header behavior to optimize security, caching, and other aspects of your content delivery.
Based on your needs, you can add, replace, or remove HTTP headers in four directions: CDN to Origin Request, CDN to Client Response, CDN Receives Origin Response, and CDN Receives Client Request.
How to Add HTTP Header Rules
- Log in to the CDNetworks Console and select the appropriate product.
- Navigate to the Configuration, locate the domain you wish to configure, and click on Edit Configuration on the top or the Edit button to the right of the domain.
- On the Edit Configuration page, locate Protocol Settings - HTTP Headers, and click Add on the top, then click Custom Rule to start creating a new HTTP header rule.
- The following options are available:
Apply to
Specify the effective range this header rule should apply to. You can choose from these options:
| Parameter | Description |
|---|---|
| All Requests | Apply to all types of requests under the domain. |
| Only Homepage | Apply only to requests in the root directory format, such as http://domain/ or https://domain/. |
| Specific File Type | Apply to specific file types. Select common file types from the list or define custom file types. Separate multiple types with a semicolon ;, e.g., jpg;png. |
| Specific URL Path | Apply to content requests for designated URIs, excluding the scheme. Separate multiple URIs with line breaks. For example, for http://www.test.com/browse/index.html, please enter /browse/index.html. |
| Specific Directory | Apply to content requests under certain directories, e.g., /file/abc/ for all content under http://domain/file/abc/*.Note: Directories must start and end with / and can only include letters, numbers and some special characters (underscore, hyphen, percent sign, period). Separate multiple directories with line breaks. |
| URL Pattern (Regex) | You can also choose to directly enter a regular expression, not required to start with /. The platform will automatically prefix the URL with ^https?://[^/]/, e.g., .*.jpg$, indicating that requests for JPG files across all domains associated with this rule will match this policy. |
Advanced Scope Conditions
You can further refine the rule’s effective scope using Advanced Scope Conditions. This will intersect with the basic Apply to scope for precise control. Select one or more parameters to form an AND relationship with the basic Apply to to target specific requests or responses.
| Parameter | Description |
|---|---|
| User Agent (UA) | Match User Agent strings using regex, e.g., ^Mozilla/4\.0$ for User Agents starting and ending with Mozilla/4.0. |
| Exclude User-Agent | Exclude User Agents using regex. |
| Status Code | Matches specific HTTP status codes. Separate multiple codes with ;, e.g., 200;404. |
| Exclude Status Code | Exclude specific HTTP status codes. |
| Exclude File Type | Exclude certain file types. Separate multiple types with ;. |
| Exclude Custom File Type | Exclude custom file types as needed. Separate multiple types with ;. |
| Exclude Directory | Exclude specific directory paths. Paths must start and end with /. Separate multiple directories with ;. |
| Access-Control-Allow-Methods | Match HTTP request methods. Separate multiple methods with ;, e.g., GET;POST. |
| Exclude Request Method | Exclude specific HTTP request methods. |
| Request Header | Match request headers and their values. Separate with a space, e.g., Range bytes=[0-9]{9,} for Range headers with values starting with bytes= followed by at least 9 digits. |
| Exclude Request Header | Exclude specific request headers and values, using the same format as Request Header. |
| Response Header | Match response headers and their values. Separate with a space, e.g., cache-control max-age= for cache-control headers with values containing max-age=. |
| Exclude Response Header | Exclude specific response headers and values, using the same format as Response Header. |
| Exclude URL (Regex) | Exclude URLs using regex, e.g., .*\.jpg$. |
Action
Choose one of the following:
- Add: Add a new HTTP header.
- Replace: Replace an existing HTTP header with a new value.
- Remove: Remove a specified HTTP header.
Select or Customize an HTTP Header
- Choose from common HTTP headers from our provided list like Expires, Content-Type, Cache-Control, Access-Control-Allow-Origin, etc.
- For headers not in the preset list, select Custom and enter the custom HTTP header name.
Configure the HTTP Header Value
- For Add operation, enter the value in the New Value field. And you could further configure Overwrite or not if there is already an existing one.
- For Replace operation, configure the following:
- New Value (required): Replace the matching header with this new value.
- Old Value (optional): Match this old value to replace. If left blank, all old values will be replaced with the new value.
Note:
For Add and Replace operations, only one HTTP header can be configured per rule. For Remove operations, you can specify multiple headers.
Select the Header Control Direction
Choose the direction where the rule should apply. There are four options: Request to Origin, Response to Client, Response from Origin, and Request from Client.
Priority
Set the rule’s priority. The higher the number, the greater the priority for matching and execution. Rules with higher priority will be executed first under identical matching conditions.
After configuring, click Confirm, then select Next Step to submit your settings. To minimize any potential disruptions to your production environment, we strongly recommend conducting a Pre-deploy test in a staging environment. This crucial step ensures that your configurations are accurate before they go live. Once you have verified the accuracy of the settings, click Deploy Now to implement them in the production environment. The configurations typically become effective within 3-5 minutes. For comprehensive guidance on pre-deployment testing and to verify the effectiveness of your configurations, please consult the tutorial Deploy the Configurations to Staging Environment for Validation.
Notes
- If you configure add, replace and remove operations for the same HTTP header, the priority of these operations will be: Remove > Replace > Add, regardless of the rule priority. Please pay attention to the priority of rules when configuring them to avoid unexpected results.